>> Paulo,
>> Don't take it personal but this seems like rather a crummy
>> solution compared to
>> other crypto APIs. That a too large argument gives an error
>> is IMHO a bug.
>Dont't take it personal either but we are talking about external signatures and as such
>> Don't take it personal but this seems like rather a crummy
>> solution compared to
>> other crypto APIs. That a too large argument gives an error
>> is IMHO a bug.
>Dont't take it personal either but we are talking about external signatures and as such
>it's your responsability to know what you are
doing. Knowing the size is about the crypto API
>and last time I looked iText was not a crypto
API.
there are indeed
some crypto related APIs but let us not split hairs on such issues
:-)
>If you use the automatic way it's all taken
care for you;
Yes. Good.
>if you use external signatures the control is
on your side.
I don't disagree with that but I think that the
correspondence between PdfSignatureAppearance.setExternalDigest
and PdfPKCS7.setExternalDigest is less than optimally
documented.
Question: Would it be technically
possible to first create the external signature and do the two
setExternalDigest after, without screwing up
iText?
I'm working with a generic signature application
and in such a tool you simply cannot ask the user to sign twice (!)
just to be able to set up buffers. Any tips would be much
appreciated.
If possible I would like to [long-term] replace the
sequence
sap.setExternalDigest (new byte[128], new
byte[20], "RSA");
.
.
sig.setExternalDigest (externalsigner (hash), hash, "RSA");
sig.setExternalDigest (externalsigner (hash), hash, "RSA");
with
sig.setExternalDigest (sap, externalsigner(hash), hash, "RSA");
regards
Anders
> My suggestion is that you document minimum sizes but handle oversized
> arguments automatically in a future version of iText.
>
> Another passibility is introducing another method which does
> not require
> any dimensioned arguments at all. I get a bit "C-sick" when I have to
> reserve buffer-space for internal operations in a java program...
>
> I love iText BTW!
>
> best
> Anders Rundgren
>
>
> >
> > Paulo Soares wrote:
> > > Replace "new byte[128]" with "new byte[256]".
> > >
> > > Paulo
> > >
> > >> -----Original Message-----
> > >> From: [EMAIL PROTECTED]
> > >> [mailto:[EMAIL PROTECTED] On
> > >> Behalf Of Android Andrew [:]
> > >> Sent: Friday, September 15, 2006 12:42 PM
> > >> To: [email protected]
> > >> Subject: [iText-questions] IllegalArgumentException: The key
> > >> /Contents istoo big. (RSA 2k ???)
> > >>
> > >> Hello everybody!
> > >>
> > >> I've faced with problem similar to described here:
> > >> 26 Oct 2005
> > >> http://www.mail-archive.com/[EMAIL PROTECTED].
> > >> net/msg19419.html
> > >>
> > >> If I'm using 1k length private key, everything is Ok, but
> > if I try to
> > >> use 2k length key, I get this:
> > >>
> > >> Exception in thread "main"
> > >> java.lang.IllegalArgumentException: The key
> > >> /Contents is too big. Is 522, reserved 264
> > >> at
> > >> com.lowagie.text.pdf.PdfSignatureAppearance.close(PdfSignature
> > >> Appearance.java:1040)
> > >>
> > >> My code is based on receipt from
> > >> http://itextpdf.sourceforge.net/howtosign.html#signextstd
> > >>
> > >> Does anybody faced with such problem or knew how to deal with it?
> > >>
> > >>
> > >>
> > >> Here is a part of my code:
> > >>
> > >> ....
> > >> KeyStore ks = KeyStore.getInstance("pkcs12");
> > >> ks.load(new FileInputStream(KeyFileName),
> > >> Pass.toCharArray());
> > >> String alias = (String) ks.aliases().nextElement();
> > >> PrivateKey key =
> > >> (PrivateKey)ks.getKey(alias,Pass.toCharArray());
> > >> Certificate[] chain = ks.getCertificateChain(alias);
> > >> PdfReader reader = new PdfReader(InFileName);
> > >> FileOutputStream fout = new
> > >> FileOutputStream(OutFileName);
> > >> PdfStamper stp =
> > >> PdfStamper.createSignature(reader,fout,'\0');
> > >> PdfSignatureAppearance sap =
> > >> stp.getSignatureAppearance();
> > >> sap.setCrypto(key,chain, null,
> > >> PdfSignatureAppearance.SELF_SIGNED);
> > >> sap.setReason(Reason);
> > >> sap.setLocation(Location);
> > >> if (isVisible)
> > >> sap.setVisibleSignature(new
> > >> Rectangle(475,15,575,115),
> > >> 1, null);
> > >> sap.setExternalDigest(new byte[128], null, "RSA");
> > >> sap.preClose();
> > >> PdfPKCS7 sig = sap.getSigStandard().getSigner();
> > >> Signature sign =
> Signature.getInstance("SHA1withRSA");
> > >> sign.initSign(key);
> > >> byte buf[] = new byte[8192];
> > >> int n;
> > >> InputStream inp = sap.getRangeStream();
> > >> while ((n = inp.read(buf)) > 0) {
> > >> sign.update(buf,0,n);
> > >> }
> > >> sig.setExternalDigest(sign.sign(), null, "RSA");
> > >> PdfDictionary dic = new PdfDictionary();
> > >> dic.put(PdfName.CONTENTS, new
> > >> PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
> > >> sap.setCertified(true);
> > >> sap.close(dic);
> > >> ...
> > >>
> > >>
> > >> --------------------------------------------------------------
> > >> -----------
> > >> Using Tomcat but need to do more? Need to support web
> > >> services, security?
> > >> Get stuff done quickly with pre-integrated technology to make
> > >> your job easier
> > >> Download IBM WebSphere Application Server v.1.0.1 based on
> > >> Apache Geronimo
> > >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&
> > >> dat=121642
> > >> _______________________________________________
> > >> iText-questions mailing list
> > >> [email protected]
> > >> https://lists.sourceforge.net/lists/listinfo/itext-questions
> > >>
> > >
> > >
> > > Aviso Legal:
> > > Esta mensagem é destinada exclusivamente ao destinatário.
> > Pode conter informação confidencial ou legalmente protegida.
> > A incorrecta transmissão desta mensagem não significa a perca
> > de confidencialidade. Se esta mensagem for recebida por
> > engano, por favor envie-a de volta para o remetente e
> > apague-a do seu sistema de imediato. É proibido a qualquer
> > pessoa que não o destinatário de usar, revelar ou distribuir
> > qualquer parte desta mensagem.
> > >
> > > Disclaimer:
> > > This message is destined exclusively to the intended
> > receiver. It may contain confidential or legally protected
> > information. The incorrect transmission of this message does
> > not mean the loss of its confidentiality. If this message is
> > received by mistake, please send it back to the sender and
> > delete it from your system immediately. It is forbidden to
> > any person who is not the intended receiver to use,
> > distribute or copy any part of this message.
> > >
> > >
> > >
> > >
> > >
> > --------------------------------------------------------------
> > ----------
> > >
> > >
> > --------------------------------------------------------------
> > -----------
> > > Using Tomcat but need to do more? Need to support web
> > services, security?
> > > Get stuff done quickly with pre-integrated technology to
> > make your job easier
> > > Download IBM WebSphere Application Server v.1.0.1 based on
> > Apache Geronimo
> > >
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&
> > dat=121642
> > >
> > >
> > >
> > --------------------------------------------------------------
> > ----------
> > >
> > > _______________________________________________
> > > iText-questions mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/itext-questions
> >
> > --------------------------------------------------------------
> > -----------
> > Using Tomcat but need to do more? Need to support web
> > services, security?
> > Get stuff done quickly with pre-integrated technology to make
> > your job easier
> > Download IBM WebSphere Application Server v.1.0.1 based on
> > Apache Geronimo
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&
> > dat=121642
> > _______________________________________________
> > iText-questions mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/itext-questions
> >
>
>
> Aviso Legal:
> Esta mensagem é destinada exclusivamente ao destinatário.
> Pode conter informação confidencial ou legalmente protegida.
> A incorrecta
> transmissão desta mensagem não significa a perca de
> confidencialidade. Se esta mensagem for recebida por engano,
> por favor envie-a
> de volta para o remetente e apague-a do seu sistema de
> imediato. É proibido a qualquer pessoa que não o destinatário de usar,
> revelar ou distribuir qualquer parte desta mensagem.
>
> Disclaimer:
> This message is destined exclusively to the intended
> receiver. It may contain confidential or legally protected
> information. The
> incorrect transmission of this message does not mean the loss
> of its confidentiality. If this message is received by mistake, please
> send it back to the sender and delete it from your system
> immediately. It is forbidden to any person who is not the intended
> receiver to use, distribute or copy any part of this message.
>
> --------------------------------------------------------------
> -----------
> Using Tomcat but need to do more? Need to support web
> services, security?
> Get stuff done quickly with pre-integrated technology to make
> your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on
> Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&
> dat=121642
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
>
>
> --------------------------------------------------------------
> -----------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the
> chance to share your
> opinions on IT & business topics through brief surveys -- and
> earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge
> &CID=DEVDEV
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
Aviso Legal:
Esta mensagem é destinada exclusivamente ao destinatário. Pode conter informação confidencial ou legalmente protegida. A incorrecta transmissão desta mensagem não significa a perca de confidencialidade. Se esta mensagem for recebida por engano, por favor envie-a de volta para o remetente e apague-a do seu sistema de imediato. É proibido a qualquer pessoa que não o destinatário de usar, revelar ou distribuir qualquer parte desta mensagem.
Disclaimer:
This message is destined exclusively to the intended receiver. It may contain confidential or legally protected information. The incorrect transmission of this message does not mean the loss of its confidentiality. If this message is received by mistake, please send it back to the sender and delete it from your system immediately. It is forbidden to any person who is not the intended receiver to use, distribute or copy any part of this message.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions
